curl-library

RE: axTLS patch set

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sat, 11 Dec 2010 15:34:44 +0100 (CET)

On Fri, 10 Dec 2010, Hu, Eric wrote:

> So, even though axTLS is still failing some https tests, is this good enough
> for now?

Since the impact is very small on non-axTLS parts I think it is good enough to
get pushed - after the pending release (planned to happen on Thursday).

Functionality-wise, axTLS doesn't like my ca cert bundle so whatever site I
try I can't get axTLS to play with me. See below, but the exact site doesn't
seem to matter:

$ ./src/curl https://www.sf.net/ -1 -v -k
* About to connect() to www.sf.net port 443 (#0)
* Trying 216.34.181.60... connected
* Connected to www.sf.net (216.34.181.60) port 443 (#0)
Error: Invalid X509 ASN.1 file
* error reading ca cert file /etc/ssl/certs/ca-certificates.crt
* Curl_axtls_close
Error: No trusted cert is available
* Closing connection #0
* Curl_axtls_close
* Curl_axtls_close
* Curl_axtls_close
* SSL peer certificate or SSH remote key was not OK
curl: (51) SSL peer certificate or SSH remote key was not OK
* Curl_axtls_close_all

(The ca cert is the one Debian unstable ships and it should be fine as it
works with OpenSSL and GnuTLS etc.)

> I could probably put together an axTLS patch for tests 311 and 312. Adding
> CRL for test 313 and getting axTLS working with multi (test 560) aren't so
> straightforward (at least not to me at the moment), though given enough
> time, I could probably sort them out.

Hopefully others can also join in and help smoothen the remaining rough edges
once there's basic support added.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2010-12-11